| Information society brings all kinds of convenience but also brings threat such as network security, which makes it is necessary to build a full range of computer security protection system. From the perspective of building complete safety protection system, has many kinds of security technology is widely used, firewall technology, data encryption, virus scan technology, etc. But these are referred to as passive defense, and complex network security issues also need to intrusion detection tools as a means of active defense, auxiliary various passive defense system to ensure the safety of the computer.The traditional intrusion detection system is set up on the local host, but this kind of architecture has such as computing power, such as poor extensibility, huge system limitations, it restricts the actual performance of the intrusion detection system. And the cloud support for virtualization, distributed computing, load balance, the advantages of large data processing capabilities can solve the above problems. Cloud killing model application is successful, to build on the cloud provides a successful case of intrusion detection system, in this paper, the architecture in Openstack intrusion detection system has carried on the preliminary exploration, and is designed and implemented based on it open source cloud platform of lightweight intrusion detection system.In this paper,How to build and implement the network intrusion detection system on the cloud platform as a starting point. First of all, it has carried on the brief introduction of the cloud platform, then this system the key support components involved Nova and Glance the project has carried on the detailed analysis. On this basis, the system can be divided into the cloud and the client two module design and implementation. The cloud using multi-node distributed deployment way, in the form of services provided to the client intrusion detection function. Core is that defines a strong extensibility, detection rules of high efficiency, low rate of false positives, as the cloud the realization of lightweight intrusion detection engine. Supplemented by the authentication module is responsible for managing the client’s authorization, the storage module is responsible for maintaining the client basic information database, rule base, suspicious packets library, communication module and client interaction, complete the cloud intrusion detection system is constructed. The client module is responsible for the captured data packets and through the communication module, interact with the cloud. The end of this article showed the build and run it in the stage Openstack multi-node distributed intrusion detection system, and the operation effect was tested and analyzed. |
PDF Full Text Request